Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DO3CddDlUK6lT4LYyae10IHs4x4.roa
File:                     DO3CddDlUK6lT4LYyae10IHs4x4.roa (raw, json)
Hash identifier:          JmS3MpckXtGR/9l9x9dRXAHy6y2p/MbmEPmZQY37C7w=
Subject key identifier:   0C:ED:C2:75:D0:E5:50:AE:A5:4F:82:D8:C9:A7:B5:D0:81:EC:E3:1E
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7952E442D9B3DED13A53432CC28F01A
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DO3CddDlUK6lT4LYyae10IHs4x4.roa
Signing time:             Tue 02 Jan 2024 00:31:31 +0000
ROA not before:           Tue 02 Jan 2024 00:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137263
IP address blocks:        193.233.194.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:2e:44:2d:9b:3d:ed:13:a5:34:32:cc:28:f0:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cedc275d0e550aea54f82d8c9a7b5d081ece31e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:31:30:05:31:05:97:65:75:69:54:80:52:e6:
                    fb:1a:aa:9d:d9:ff:24:46:01:11:51:74:6e:98:b0:
                    1a:87:e0:f5:5f:93:ec:fd:ce:6c:b3:df:c6:32:e6:
                    9c:01:dc:12:7d:7f:52:ff:6a:d5:c9:a0:ba:a4:ee:
                    66:d2:99:ef:36:d0:3c:ac:9f:d8:a4:ec:51:86:17:
                    be:77:07:76:c3:4f:e9:8a:25:6d:3a:28:44:ed:4d:
                    9e:9d:ca:c3:c2:ab:3e:3f:01:d9:1b:d4:94:21:aa:
                    5e:d6:dd:a0:87:6d:cd:a9:43:4b:74:4f:46:25:1f:
                    34:8c:e7:3f:a1:34:76:95:79:8b:50:ff:26:24:99:
                    ab:05:d0:b0:26:c0:76:86:cb:91:4f:c7:cb:d3:1d:
                    95:ae:f7:77:f2:87:45:e3:df:8e:d1:70:0b:75:45:
                    41:7e:74:11:61:ed:00:50:c3:37:2a:2c:96:ce:b8:
                    ce:99:21:8a:07:c7:3e:84:fa:df:74:b3:b3:9a:20:
                    a6:87:4c:1d:0e:87:d3:84:db:d9:ca:ef:cf:f3:d5:
                    0b:33:04:d3:2b:fa:90:f9:66:7e:10:6c:0b:f5:b0:
                    03:a1:63:dd:33:53:b0:60:f3:a1:2d:1e:a7:24:0d:
                    42:4e:c8:01:0d:4d:df:9a:d5:3e:0b:84:00:ff:b4:
                    f3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:ED:C2:75:D0:E5:50:AE:A5:4F:82:D8:C9:A7:B5:D0:81:EC:E3:1E
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/DO3CddDlUK6lT4LYyae10IHs4x4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.194.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:49:68:cd:6f:ab:fd:b5:fd:08:89:8a:10:bc:3a:cf:a4:d9:
         1e:cc:1d:08:ec:95:0e:71:d7:18:8c:4d:df:5a:13:6c:e9:1e:
         d0:ae:e3:a2:9e:66:85:5d:f6:d4:98:bd:ac:66:6d:6b:aa:a0:
         78:12:33:ff:d4:c2:94:11:e0:4d:5e:6a:e0:39:f6:0c:90:b6:
         8d:f3:e3:33:99:eb:60:da:74:24:c0:c6:ac:79:ed:c7:3c:f9:
         13:df:f5:e7:d1:cd:8a:9d:8c:6d:bc:6e:7f:9c:7d:59:88:75:
         ad:37:c3:cc:ab:e2:e0:f2:83:b7:5b:c8:06:bd:3d:d7:2b:ef:
         2e:24:04:3c:7e:22:9b:6d:a6:03:77:0f:50:56:cd:33:43:2c:
         2d:c6:e9:ce:33:ce:a8:f8:4b:fc:91:03:f2:b1:8f:3d:74:9f:
         85:81:f3:22:44:35:55:f0:14:c2:5f:b4:e7:dd:80:98:32:4a:
         ab:2f:86:65:a6:2b:41:4a:7b:6e:c3:ed:30:af:43:aa:18:d8:
         3a:f2:78:80:17:0e:bc:b6:f8:76:3e:99:73:2c:ed:66:74:67:
         4d:9e:9c:62:17:67:a8:b9:fe:3a:a9:f0:77:6e:48:17:89:cc:
         da:95:90:3c:ac:b3:bc:ef:83:ac:46:52:54:f0:dc:6c:12:6f:
         d9:a6:49:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlS5ELZs97ROlNDLMKPAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2VkYzI3NWQwZTU1MGFlYTU0ZjgyZDhjOWE3YjVkMDgxZWNlMzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTEwBTEFl2V1aVSAUub7Gqqd2f8k
RgERUXRumLAah+D1X5Ps/c5ss9/GMuacAdwSfX9S/2rVyaC6pO5m0pnvNtA8rJ/Y
pOxRhhe+dwd2w0/piiVtOihE7U2encrDwqs+PwHZG9SUIape1t2gh23NqUNLdE9G
JR80jOc/oTR2lXmLUP8mJJmrBdCwJsB2hsuRT8fL0x2Vrvd38odF49+O0XALdUVB
fnQRYe0AUMM3KiyWzrjOmSGKB8c+hPrfdLOzmiCmh0wdDofThNvZyu/P89ULMwTT
K/qQ+WZ+EGwL9bADoWPdM1OwYPOhLR6nJA1CTsgBDU3fmtU+C4QA/7TzEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAztwnXQ5VCupU+C2MmntdCB7OMeMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRE8zQ2RkRGxVSzZsVDRMWXlhZTEwSUhzNHg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwenCMA0G
CSqGSIb3DQEBCwUAA4IBAQBUSWjNb6v9tf0IiYoQvDrPpNkezB0I7JUOcdcYjE3f
WhNs6R7QruOinmaFXfbUmL2sZm1rqqB4EjP/1MKUEeBNXmrgOfYMkLaN8+Mzmetg
2nQkwMasee3HPPkT3/Xn0c2KnYxtvG5/nH1ZiHWtN8PMq+Lg8oO3W8gGvT3XK+8u
JAQ8fiKbbaYDdw9QVs0zQywtxunOM86o+Ev8kQPysY89dJ+FgfMiRDVV8BTCX7Tn
3YCYMkqrL4ZlpitBSntuw+0wr0OqGNg68niAFw68tvh2PplzLO1mdGdNnpxiF2eo
uf46qfB3bkgXiczalZA8rLO874OsRlJU8NxsEm/Zpkk9
-----END CERTIFICATE-----